GDPR AND PRIVACY

Confidentiality and boundaries

Our Therapy is committed to protecting your privacy and handling your personal information lawfully and fairly.

Tom Magal is a member of the British Association for Counselling and Psychotherapy (BACP) and agrees to:

• Work in line with the BACP Ethical Framework

• Attend regular supervision as specified by the BACP

• Treat all communication between client and counsellor as confidential, subject to the limits below

​

Confidentiality covers what you say in sessions, as well as written information you provide, session notes, and any other personally identifying information relating to your therapy.

 

Limits to confidentiality

There are some circumstances where confidentiality may need to be broken. Wherever possible, this will be discussed with you first, but in some situations this may not be appropriate or safe.

​

Confidentiality may be broken if:

• You are at serious and imminent risk of harming yourself or someone else

• You disclose involvement in, or clear intention to be involved in, drug trafficking, money laundering, or acts of terrorism

• There are serious concerns that a child or vulnerable adult is at risk of harm or neglect

• Tom is required to disclose information by law or by a court order

​

In such situations, Tom may need to share relevant information with appropriate third parties (for example your GP, emergency services, social services, or the police). Tom will always aim to share the minimum necessary information, and to involve you in that process where it is safe and practicable to do so.

​

Notes, GDPR and session records

Tom keeps brief clinical notes about our work together. These are used to:

• Record dates and times of sessions

• Keep a concise record of the themes we discuss and any significant risk issues

• Support safe, consistent and effective therapeutic work

​

Data controller

For the purposes of data protection law, Tom Magal trading as “Our Therapy” is the data controller of the personal information collected and held in relation to your therapy.

​

What information is held

The information Tom holds may include:

• Your contact and identity details (name, address, phone number, email, date of birth)

• Relevant medical or mental health information you choose to share

• Emergency contact and GP details

• Brief session notes and key themes from our work

• Administrative information (invoices, payment records, emails or messages relating to appointments)

​

Lawful basis for processing

Your personal data is processed under the following lawful bases:

• Performance of a contract: to provide you with therapy and to manage appointments and payments

• Legitimate interests: to maintain appropriate records and ensure the quality and safety of the service

• Legal obligations: to comply with tax, accounting and, where relevant, safeguarding or court requirements

​

How notes and records are stored

• Notes and session records are kept securely by Tom Magal and are not shared with third parties except as outlined in “Limits to confidentiality” above, or where required by law.

• Tom uses a cloud based clinical notes system that conforms to ISO 27001:2013 (an internationally recognised information security management standard). This means the provider has documented processes to protect confidentiality and manage information security risks.

• Any paper records are stored in locked storage. Electronic devices used to access records are password protected.

​

Retention and deletion

• Notes and session records are generally kept for a minimum of 5 years after the end of our work together and then securely destroyed, unless there is a legal or clinical reason to keep them longer (for example, if there is an ongoing complaint or legal process).

• Financial records (for example invoices) may need to be retained for longer to meet tax and accounting requirements.

​

Your rights under UK GDPR

Under UK data protection law you have a number of rights in relation to your personal data, including the right to:

• Access a copy of your personal data and clinical notes (a “subject access request”)

• Ask for incorrect or incomplete information to be corrected

• In certain circumstances, ask for your data to be deleted or for its use to be restricted

• Object to some uses of your data, for example for marketing (which I do not routinely carry out)

These rights are subject to certain limitations, particularly where information is needed for legal, safeguarding or clinical reasons.

​

Requesting access to your notes

Under UK GDPR you are permitted to request a copy of the notes held about you. To do this, please make a formal request in writing (by email or letter). Tom will normally respond within one month, and will discuss with you what the notes contain and any limits or exemptions that may apply.

​

Contact and complaints

If you have any questions or concerns about how your information is used, please raise this with me in the first instance:

• Name: Tom Magal, Our Therapy

• Email: info@ourtherapy.co.uk

• Telephone: 07780868824

​

If you are not satisfied with the response, you can raise your concern with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

​

Agreement to this GDPR statement

By signing the therapy agreement/contract, you are confirming that you have read and understood this confidentiality and GDPR statement and that you consent to your personal data being used and stored as described for the purposes of providing you with therapy.